Top-Clicked Phishing Email Subjects: Q3 2020
Each quarter, KnowBe4, the world’s largest security awareness training and simulated phishing platform, publishes the top-clicked phishing emails by subject line. The results come from their millions of users reporting real phishing emails. The subjects fall into three categories: those related to social media, general subjects, and 'In the Wild'.
The first two categories contain email subjects created by KnowBe4 to test their clients’ security posture. 'In the Wild' subjects are those taken from real phishing emails rather than KnowBe4 templates.
Top Clicked Email Subjects
Top-Clicked Social Media Related Subjects in Q3 2020:
People are looking at your LinkedIn profile
You appeared in new LinkedIn searches this week
Please add me to your LinkedIn Network
Join my network on LinkedIn
Someone has sent you a Direct Message on Twitter
Your friend tagged you in photos on Facebook
New voice message at 1:23AM
Login alert for Chrome on Motorola Moto X
Someone may have accessed your account
You have a new WhatsApp message
Top 10 Most-Clicked General Email Subjects in Q3 2020:
Payroll deduction form
Please review the leave law requirements
Password Check Required Immediately
Required to read or complete: “COVID-19 Safety Policy”
COVID-19 Remote Work Policy Update
Vacation Policy Update
Scheduled Server Maintenance -- No Internet Access
Your team shared “COVID 19 Amendment and Emergency leave pay policy” with you via OneDrive
Official Quarantine Notice
COVID-19: Return to Work Guidelines and Requirements
Most Common 'In the Wild' Attacks in Q3 2020:
Microsoft: View your Microsoft 365 Business Basic Invoice
HR: Pandemic Policy Update
IT: Remote Access Infrastructure
Facebook: Account Warning
Check your passport expiration date
TeleMed Appointment Reminder
Twitter: Confirm your identity
Apple Take part in out iPhone 12 trial and enter for the chance to win a FREE iPhone12
Exchange ActiveSync service disabled for [[email]]
HR: Benefit Report
Key Takeaways
Fake LinkedIn messages consistently top the list of social media email subjects. There is likely a perception that these emails are legitimate because they appear to come from a professional network. It's a significant problem because many LinkedIn users have their accounts tied to their corporate email addresses. The other top-clicked subjects in this category involve password resets, photo tagging and new messages.
Phishing email attacks leveraging COVID-19 have been on every quarterly report this year, and they still made up 50% of the total in Q3 2020.
Cybercriminals continue to prey on heightened stress, distraction, urgency, curiosity, and fear in users brought on by the pandemic and working from home. These types of attacks are effective because they cause a person to react before thinking logically about the legitimacy of the email.
See KnowBe4’s original post.
Kotman Technology has been delivering comprehensive technology solutions to clients in California and Michigan for nearly two decades. With a customer retention of over 98%, we pride ourselves on being the last technology partner you'll ever need. Contact us today to experience the Kotman Difference.